# This is the configuration file for the etcd server.

# Human-readable name for this member.
name: '{{ etcd_name }}'

# Path to the data directory.
data-dir: {{ etcd_datadir }}

# Path to the dedicated wal directory.
wal-dir: {{ etcd_wardir }}

# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000

# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100

# Time (in milliseconds) for an election to timeout.
election-timeout: 1000

# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0

# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: {{ etcd_listen_peer_urls }}

# List of comma separated URLs to listen on for client traffic.
listen-client-urls: {{ etcd_listen_client_urls }}

# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5

# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5

# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors: 

# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: {{ etcd_initial_advertise_peer_urls }}
# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: {{ etcd_advertise_client_urls }}

{% if etcd_discovery %}
# Discovery URL used to bootstrap the cluster.
discovery: {{ etcd_discovery }} 

# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'

# HTTP proxy to use for traffic to discovery service.
discovery-proxy: 

# DNS domain used to bootstrap initial cluster.
discovery-srv: 
{% endif %}

{% if etcd_initial_cluster %}
# Initial cluster configuration for bootstrapping.
initial-cluster: {{ etcd_initial_cluster }}

# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: '{{ etcd_initial_cluster_token }}'

# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'
{% endif %}

# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false

# Accept etcd V2 client requests
enable-v2: true

{% if etcd_proxy %}
# Valid values include 'on', 'readonly', 'off'
proxy: 'on'

# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000

# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000

# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000

# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000

# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0
{% endif %}

client-transport-security: 
  {% if etcd_trusted_ca_file %}
  # DEPRECATED: Path to the client server TLS CA file.
  ca-file: {{ etcd_trusted_ca_file }}
  {% endif %}
  {% if etcd_cert_file %}
  # Path to the client server TLS cert file.
  cert-file: {{ etcd_cert_file }}
  {% endif %}
  {% if etcd_key_file %}
  # Path to the client server TLS key file.
  key-file: {{ etcd_key_file }}
  {% endif %}
  {% if etcd_trusted_ca_file and etcd_cert_file and etcd_key_file %}
  # Enable client cert authentication.
  client-cert-auth: true
  {% endif %}
  {% if etcd_trusted_ca_file %}
  # Path to the client server TLS trusted CA key file.
  trusted-ca-file: {{ etcd_trusted_ca_file }}
  {% endif %}
  {% if etcd_auto_tls %}
  # Client TLS using generated certificates
  auto-tls: {{ etcd_auto_tls }}
  {% endif %}

peer-transport-security: 
  {% if etcd_peer_trusted_ca_file %}
  # DEPRECATED: Path to the peer server TLS CA file.
  ca-file: {{ etcd_peer_trusted_ca_file }}
  {% endif %}
  {% if etcd_peer_cert_file %}
  # Path to the peer server TLS cert file.
  cert-file: {{ etcd_peer_cert_file }}
  {% endif %}
  {% if etcd_peer_key_file %}
  # Path to the peer server TLS key file.
  key-file: {{ etcd_peer_key_file }}
  {% endif %}
  {% if etcd_peer_trusted_ca_file and etcd_peer_key_file and etcd_peer_cert_file %}
  # Enable peer client cert authentication.
  client-cert-auth: true
  {% endif %}
  {% if etcd_peer_trusted_ca_file %}
  # Path to the peer server TLS trusted CA key file.
  trusted-ca-file: {{ etcd_peer_trusted_ca_file }}
  {% endif %}
  {% if etcd_auto_tls %}
  # Peer TLS using generated certificates.
  auto-tls: {{ etcd_auto_tls }}
  {% endif %}

# Enable debug-level logging for etcd.
debug: {{ etcd_debug }}

# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels: 

# Force to create a new one member cluster.
force-new-cluster: {{ etcd_force_new_cluster }}
